access:pre-auth — CVE vulnerabilities tagged 18823

18823 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-25192 | CTEK Chargeportal Missing Authentication for Critical Function — Chargeportal (CWE-306) | 9.4 | Critical | 2026-03-20 |
| CVE-2026-33204 | SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering — simplejwt (CWE-400) | 7.5 | High | 2026-03-20 |
| CVE-2026-33476 | SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal — siyuan (CWE-22) | 7.5 | High | 2026-03-20 |
| CVE-2026-33203 | SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass — siyuan (CWE-248) | 7.5 | High | 2026-03-20 |
| CVE-2026-23536 | Feast: unauthenticated arbitrary file read — Red Hat OpenShift AI (RHOAI) (CWE-22) | 7.5 | High | 2026-03-20 |
| CVE-2026-3584 | Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process — Kali Forms — Contact Form & Drag-and-Drop Builder (CWE-94) | 9.8 | Critical | 2026-03-20 |
| CVE-2026-33143 | OneUptime: WhatsApp Webhook Missing Signature Verification — oneuptime (CWE-345) | 5.3 | - | 2026-03-20 |
| CVE-2026-29794 | Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers — vikunja (CWE-807) | 5.3 | Medium | 2026-03-20 |
| CVE-2026-32595 | Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration — traefik (CWE-208) | 3.7 | - | 2026-03-20 |
| CVE-2026-33072 | FileRise: Default Encryption Key Enables Token Forgery and Config Decryption — FileRise (CWE-798) | 8.2 | High | 2026-03-20 |
| CVE-2026-33070 | FileRise has Unauthenticated Share Link Deletion — FileRise (CWE-306) | 3.7 | Low | 2026-03-20 |
| CVE-2026-33057 | Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py — mesop (CWE-94) | 9.8 | Critical | 2026-03-20 |
| CVE-2026-33043 | AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS — AVideo (CWE-942) | 8.1 | High | 2026-03-20 |
| CVE-2026-33041 | AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php — AVideo (CWE-200) | 5.3 | Medium | 2026-03-20 |
| CVE-2026-33040 | libp2p-rust: Gossipsub PRUNE.backoff Duration Overflow — rust-libp2p (CWE-190) | 7.5 | - | 2026-03-20 |
| CVE-2026-33038 | AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments — AVideo (CWE-306) | 8.1 | High | 2026-03-20 |
| CVE-2026-33035 | Unauthenticated Reflected XSS via innerHTML in AVideo — AVideo (CWE-79) | 6.1 | - | 2026-03-20 |
| CVE-2026-33024 | AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator — AVideo-Encoder (CWE-918) | 9.8 | - | 2026-03-20 |
| CVE-2026-33017 | Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint — langflow (CWE-94) | 9.8 | - | 2026-03-20 |
| CVE-2026-4136 | Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect — Membership Plugin – Restrict Content (CWE-640) | 4.3 | Medium | 2026-03-20 |
| CVE-2026-4038 | Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call — Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit (CWE-862) | 9.8 | Critical | 2026-03-20 |
| CVE-2026-32940 | SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) — siyuan (CWE-79) | 9.3 | Critical | 2026-03-20 |
| CVE-2026-32890 | Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config — Anchorr (CWE-79) | 9.7 | Critical | 2026-03-20 |
| CVE-2026-21992 | Oracle Identity Manager security vulnerability — Oracle Identity Manager | 9.8 | Critical | 2026-03-20 |
| CVE-2026-4465 | D-Link DIR-513 formSysCmd os command injection — DIR-513 (CWE-78) | 6.3 | Medium | 2026-03-20 |
| CVE-2026-32817 | Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion — admidio (CWE-862) | 9.1 | Critical | 2026-03-20 |
| CVE-2026-32873 | ewe: Loop with Unreachable Exit Condition ('Infinite Loop') — ewe (CWE-825) | 7.5 | High | 2026-03-20 |
| CVE-2026-32985 | Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution — Xerte Online Toolkits (CWE-306) | 9.8 | Critical | 2026-03-20 |
| CVE-2026-33368 | Zimbra Collaboration Suite (ZCS) security vulnerability — n/a | 6.1 | - | 2026-03-20 |
| CVE-2026-32761 | File Browser has an Authorization Policy Bypass in its Public Share Download Flow — filebrowser (CWE-284) | 6.5 | Medium | 2026-03-19 |

Vulnerabilities classified as access:pre-auth represent 18823 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.